Fortune 100 InfoSec on a Budget

Eric Capuano

Sunday, December 17th, 7:15pm - 8:15pm

A common misconception is that it takes spending millions to be good at security. Not only is this untrue, but I will share ways that you can increase security posture while actually reducing spending. This talk outlines many of the tricks and mindsets to doing security well without breaking the bank. This is not the typical "Problem, problem, problem...." talk.... This is a solution-based talk that goes back to many of the basic challenges facing SOC teams everywhere.

Speaker bio:

Eric Capuano began his career in Information Security as a Tactics Developer for the United States Air Force, specializing later in intrusion detection signature development. Since departing active duty, Eric has lead cybersecurity operations in both private and government entities. He currently manages the Security Operations Center for the Texas Department of Public Safety, where he singlehandedly built the agency's first CSIRT. Eric routinely leverages Windows forensics skills in support of defensive and incident response operations as well as providing support to law enforcement. With this experience, Eric is able to provide real-world forensics experience not only for LE/investigative purposes, but also for identifying attack methods and infection timelines of compromised systems. Eric continues to serves part-time in the Texas Air National Guard as a Cyber Warfare Operator. He also teaches Cyber Patriot and is a member of the Packet Hacking Village / Wall of Sheep at DEFCON each year. In his spare time, Eric enjoys tinkering in Python, analyzing malware, authoring threat signatures/IOCs, and developing/maintaining honeypots and deception systems. He has a passion for detailed threat analysis and uses those skills to bolster defensive postures by leveraging defense-in-depth methodologies. Eric currently holds the following certifications: GIAC GCFE, Certified Ethical Hacker, Security+, Linux+, LPIC-1, PCNSE, A+. On his blog, he shares opinions and techniques mostly centered around information security, https://blog.ecapuano.com.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.